Operating within the Data Protection Act isn’t difficult, but neither should it be managed piecemeal. As a business grows, thousands of customer records are generated and the need for data protection becomes increasingly important. At the same time the likelihood of a breach of the Act increases with the number of employees. Common reasons for breaching the Act include:

• not using data for the purpose it was collected, such as sending marketing information to people who haven’t consented;
• collecting excessive information, such as keeping a copy driving licence on file for ID purposes;
• not making efforts to keep customer data up to date;
• failure to dispose of data no longer in use;
• not responding to data access requests; or
• not securing data from unauthorised access.

I spent three years developing a data protection approach for one of the UKs biggest foster care agencies, where data protection was paramount. I understand the organisational challenges and the ‘quick wins’.

business risk management >